NFC Flaw Lets Hacker Break ATMs With a Phone

[…]

According to Wired, however, at least one researcher has found a way to avoid most of this trouble, drawing cash from ATMs like magic with a simple flick of his wrist. The outlet reported Thursday that Josep Rodriguez, a researcher and consultant at security firm IOActive, has built up a collection of bugs affecting NFC systems—a.k.a. near-field communication—which many modern machines rely on to wirelessly transmit data, including debit and credit card info.

Rodriguez, who’s hired to legally test machines to improve their security, has been able to use NFC readers to trigger what programmers call a “buffer overflow,” or excess of data that corrupts a machine’s memory. This decades-old attack has allowed Rodriguez to exploit ATMs and other point-of-sale machines—think retail store checkout machines—in a variety of ways: capturing payment card info, injecting malware, and even in one case “jackpotting” an ATM, which is exactly what it sounds like:

“Rodriguez has built an Android app that allows his smartphone to mimic those credit card radio communications and exploit flaws in the NFC systems’ firmware. With a wave of his phone, he can exploit a variety of bugs to crash point-of-sale devices, hack them to collect and transmit credit card data, invisibly change the value of transactions, and even lock the devices while displaying a ransomware message.”

According to Wired, Rodriguez has kept his findings under wraps for around a year and is otherwise legally bound not to reveal the identities of certain companies he’s worked for. Nevertheless, being bothered that a decades-old technique is still affecting a host of modern machines, he intends to disclose more technical details in the coming weeks in an effort to call attention to, as Wired puts it, “the abysmal state of embedded device security more broadly.”

Source: NFC Flaw Lets Hacker Break ATMs With a Phone

Which is why people think Responsible Disclosure is important – i.e. telling a company about a flaw and then giving them a reasonable time frame to fix it before going public with the full details of the flaw. If you don’t do it, the problem doesn’t get fixed.

Ubisoft Takes Down Fan’s Incredible Far Cry 5 ‘GoldenEye’ Maps

For the past few years, a YouTuber known as Krollywood has painstakingly recreated every level from GoldenEye 007 inside the level editor of Far Cry 5. This week, Ubisoft removed all of those levels from Far Cry 5 due to a copyright infringement claim.

Kotaku first reported on Krollywood’s efforts earlier this month. Over the course of three years, in an endeavor that tallied more than 1,400 hours, Krollywood recreated every stage from GoldenEye 007, the classic N64 shooter (well, save for the two bonus levels). It was an impressive effort: a modernized recreation of a beloved yet tough-to-find old game. And it looked great, too.

You could find and play these levels yourself by hopping into Far Cry 5’s arcade mode and punching in Krollywood’s username. As of this writing, you no longer can. Ubisoft removed them all from Far Cry 5, a move that Krollywood described as “really sad,” noting that he probably won’t be able to restore them since he’s “on their radar now.”

“I’m really sad—not because of myself or the work I put in the last three years, [but] because of the players who wanna play it or bought Far Cry just to play my levels,” Krollywood told Kotaku in an email today.

When reached for comment, a representative for Ubisoft kicked over this statement:

In following the guidelines within the ‘Terms of Use’, there were maps created within Far Cry 5 arcade that have been removed due to copyright infringement claims from a right [sic] holder received by Ubisoft and are currently unavailable. We respect the intellectual property rights of others and expect our users to do the same. This matter is currently with the map’s creator and the rights holder and we have nothing further to share at this time.

Ubisoft did not immediately respond to follow-up requests asking whether the rights holder mentioned is MGM, which controls the license to the original GoldenEye 007.

The rights around the GoldenEye 007 game have been stuck in a quagmire for decades. Famously, Rare, the developer of the original game, planned a remake for the Xbox 360. That was cancelled in 2008. (Years later, Xbox boss Phil Spencer chalked up the cancellation to the legal rights issues being “challenging.”) That canned remake resurfaced as a full 4K60 longplay via a leak this January, with a playable version making the rounds online shortly after. A Kotaku report concluded: It was fun.

It is further unclear how, exactly, Krollywood’s map remakes in Far Cry 5 harm MGM at all—or how it violates Ubisoft’s terms of service in the first place. Krollywood didn’t use any assets or code from the original game. He didn’t attempt to sell it or otherwise turn a profit. And MGM doesn’t own any of the code from Ubisoft’s open-world shooter.

A sampling of Krollywood’s efforts… (Image: Krollywood / Ubisoft)
Those corpses represent every attempt to play GoldenEye 007 in any other format than the original game. (Image: Krollywood / Ubisoft)
Some of the remade levels stoke major wanderlust. (Image: Krollywood / Ubisoft)

Players just want a taste of nostalgia, and MGM has a track record of shattering the plates before they’re even delivered to the table. (Recall GoldenEye 25, the fan remake of GoldenEye 007 remade entirely in Unreal 4 that was lawyered into oblivion last year.) MGM has further neglected to do anything with the license it’s sitting on—for a game that’s older than the Game Boy Color, by the way. At the end of the day, shooting this latest fan-made project out of the sky comes across as a punitive move, at best.

“In the beginning, I started this project just for me and my best friend, because we loved the original game so much,” Krollywood said. “But there are many GoldenEye fans out there … [The project] found many new fans and I’m so happy about it.”

Source: Ubisoft Takes Down Fan’s Incredible Far Cry 5 ‘GoldenEye’ Maps

Bah. Humbug.

Russia spoofed AIS data to fake British warship’s course days before firing at them from a huge distance in Crimea

Russia was back up to its age-old spoofing of GPS tracks earlier this week before a showdown between British destroyer HMS Defender and coastguard ships near occupied Crimea in the Black Sea.

Yesterday Defender briefly sailed through Ukrainian waters, triggering the Russian Navy and coastguard into sending patrol boats and anti-shipping aircraft to buzz the British warship in a fruitless effort to divert her away from occupied Crimea’s waters.

Russia invaded Ukraine in 2014 and has occupied parts of the region, mostly in the Crimean peninsula, ever since. The UK and other NATO allies do not recognise Ukraine as enemy-held territory so Defender was sailing through an ally’s waters – and doing so through a published traffic separation scheme (similar to the TSS in the English Channel), as Defence Secretary Ben Wallace confirmed this afternoon.

Yet, among yesterday’s drama and tension, Russia had previously spoofed maritime Automatic Identification System (AIS) signals to show Defender and her Dutch flotilla mate HNLMS Evertsen as sailing straight for the Russian naval base in Sevastopol, southwest Crimea. Neither warship was doing that: while Russia was claiming NATO warships were threatening Russia, both vessels were captured on live webcams in another Ukrainian port.

The latest batch of AIS fiddling took place on 17 June, according to naval analyst HI Sutton, writing for the US Naval Institute’s blog: “Despite the AIS track, there is clear evidence that the two warships did not leave Odessa.”

This week’s tensions should remind the world that Russia has no compunction about interfering with widely available tech systems.

[…]

AIS works on an honesty-based system, at its simplest. The all-but-mandatory system (ships below 300 tons are exempt) works through each ship at sea broadcasting its GPS coordinates. Other ships receive those signals and assemble them onto display screens mounted on the vessel’s bridge for crew to monitor, usually as part of an integrated ECDIS system. It’s an insecure system insofar as vulns exist that allow spoofing of AIS data, as first revealed almost a decade ago. Shore stations can also receive and rebroadcast AIS signals, amplifying them – and providing a vector for the unscrupulous to insert their own preferred data.

[…]

AIS spoofing is similar to GPS spoofing in that broadcasting false data can mislead the wider world. Back in 2018, researchers built a GPS-spoofing unit out of a Raspberry Pi, transmitting false location data to confuse a targeted car’s satnav.

This proof-of-concept unit using consumer-grade, readily available equipment merely spells out what nation states such as Russia (and the West, naturally) have been toying with for years. Western GPS spoofing is a fact of life in the Eastern Mediterranean, as frustrated airline pilots and air traffic controllers know all too well, and the effects of AIS spoofing are very similar for those who depend on public datafeeds to keep up with the world around them.

[…]

Source: Russia spoofed AIS data to fake British warship’s course days before Crimea guns showdown • The Register
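
Because AIS positions are self-reported, as the excerpt above explains, a consumer of a public feed can only sanity-check them. The Python below is an added example, not code from The Register or any AIS product: it flags reports that imply an impossible speed or that contradict an independently confirmed position. The `Report` type, function names, thresholds, MMSIs and coordinates are all assumptions constructed for illustration.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_NM = 3440.065   # mean Earth radius, nautical miles
MAX_SPEED_KN = 40.0          # assumed ceiling for a surface ship
SIGHTING_WINDOW_S = 1800     # assumed: compare reports within 30 min of a sighting
SIGHTING_TOLERANCE_NM = 5.0  # assumed slack around a confirmed position

@dataclass(frozen=True)
class Report:
    mmsi: int    # ship identifier the transmitter claims
    t: float     # seconds since start of the sample window
    lat: float
    lon: float

def distance_nm(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in nautical miles."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlon = math.radians(lon2 - lon1)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2)
    return 2 * EARTH_RADIUS_NM * math.asin(math.sqrt(a))

def check_track(reports, sightings=()):
    """Return (report, reason) for every AIS report that fails a check."""
    findings, last = [], {}
    for r in sorted(reports, key=lambda rep: rep.t):
        prev = last.get(r.mmsi)
        if prev is not None and r.t > prev.t:
            # Speed the ship would need to get from its previous claimed fix.
            knots = distance_nm(prev.lat, prev.lon, r.lat, r.lon) / ((r.t - prev.t) / 3600)
            if knots > MAX_SPEED_KN:
                findings.append((r, f"implied speed {knots:.0f} kn"))
        for s in sightings:
            # A sighting is an independent observation, e.g. a port webcam.
            if s.mmsi == r.mmsi and abs(s.t - r.t) <= SIGHTING_WINDOW_S:
                off = distance_nm(s.lat, s.lon, r.lat, r.lon)
                if off > SIGHTING_TOLERANCE_NM:
                    findings.append((r, f"{off:.0f} nm from confirmed position"))
        last[r.mmsi] = r
    return findings

# Constructed sample data: MMSIs are made up, coordinates are approximate.
ODESSA, SEVASTOPOL = (46.49, 30.74), (44.62, 33.53)
SAMPLE_REPORTS = [
    Report(999000001, 0, *ODESSA),         # smooth track that leaves port
    Report(999000001, 3600, 46.30, 31.05),
    Report(999000001, 7200, 46.10, 31.36),
    Report(999000002, 0, *ODESSA),         # jumps ~160 nm in ten minutes
    Report(999000002, 600, *SEVASTOPOL),
]
SAMPLE_SIGHTINGS = [Report(999000001, 7200, *ODESSA)]  # still seen alongside

if __name__ == "__main__":
    for rep, reason in check_track(SAMPLE_REPORTS, SAMPLE_SIGHTINGS):
        print(rep.mmsi, rep.t, reason)
```

The first constructed track moves at a believable speed and passes the kinematic check; only the independent sighting exposes it, which is the role the port webcams play in the account above.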

You Don’t Own What You’ve Bought: Peloton Treadmill Edition

We’ve written so many stories about how you don’t own what you’ve bought any more due to software controls, DRM, and ridiculous contracts, and it keeps getting worse. The latest such example involves Peloton, which is most known for its extremely expensive stationary bikes with video screens, so that you can take classes (usually on a monthly subscription). I will admit that I don’t quite understand the attraction to them, but so many people swear by them. The company also has branched out into extremely expensive treadmills with the same basic concept.

[…]

Peloton announced that they will refund the machine, which costs $4,295, and are working on a mandatory software update that will automatically lock the Tread+ after each use and require a unique password to be used to unlock the machine.

That automatic lock and password idea sounds sensible enough, given the situation, but apparently Peloton hasn’t figured out how to make that work for customers who bought the treadmill and aren’t using its subscription service for classes. The Tread+ does have a “Just Run” mode, in which it acts like a regular treadmill (with the video screen off). But, as Brianna Wu discovered, the company is now saying that the “Just Run” mode now requires a subscription to work with the lock. The company is waiving the cost of such a subscription for three months, and it’s unclear from the email if that means that after the three months they’re hoping to have the “Tread Lock” working even for non-subscription users:

If you can’t see it, the image is an email from Peloton customer support saying:

We care deeply about the safety and well-being of our Members and we created Tread Lock to secure your Tread+ against unauthorized access.

Unfortunately at this time, ‘Just Run’ is no longer accessible without a Peloton Membership.

For this inconvenience, we have waived three months of All-Access Membership for all Tread+ owners. If you don’t see the waivers on your subscription or if you need help reactivating your subscription, please contact our Support team….

Now, it’s possible that the subscription part is necessary to update the software to enable the lock mode, but that seems… weird. After all, there must have been some sort of software upgrade that locked out the “Just Run” mode in the first place.

[…]

Source: You Don’t Own What You’ve Bought: Peloton Treadmill Edition | Techdirt

Russian Video Proves Patrol Boat Was Far From British Destroyer When It Fired Warning Shots by Crimea

The fallout from yesterday’s incident in the Black Sea involving the U.K. Royal Navy Type 45 destroyer HMS Defender and elements of Russia’s military and internal security forces has taken its next turn, with the release of a video showing some of the events from the perspective of a Russian Border Guard patrol ship. The footage clearly shows the Russian vessel opening fire, as the Kremlin had asserted, but it’s also obvious that Defender was so far away at the time that it may well not have been aware these were being directed at it, in line with what British authorities have said.

The video in question was published online by the Russian Ministry of Defense’s official television station, TV Zvezda, and the state-run media outlet RIA Novosti. It was taken from the bridge of a Russian Border Guard Rubin class patrol boat, one of those that purportedly “stopped” HMS Defender yesterday from sailing within what the Kremlin claims are its territorial waters around Crimea, which it seized from Ukraine in 2014. The United Kingdom, among many other members of the international community, does not recognize Russia’s authority over Crimea.

A Project 22460 Rubin class border patrol vessel moves in close to HMS Defender, as seen in BBC News footage. (Image: BBC News screencap)

The video includes the discussions between the Russian Border Guards and the crew of the British destroyer, with repeated demands from the Russian security forces that HMS Defender leave the area. Two Border Guard vessels are seen trailing the destroyer, while Russian jets pass overhead, and at one point, one of the Russian vessels shadows the British warship closely — a BBC journalist’s account yesterday spoke of one of the Russian vessels getting as close as 100 meters (328 feet).

One of the Border Guards is heard to say that HMS Defender is breaking the rules of innocent passage, a part of international maritime law that allows warships to move through another country’s territorial waters so long as the transit meets various criteria, particularly that it is not intended to challenge the legitimacy of any such maritime boundaries.

After several more warnings, apparently ignored by the British, one of the crew members aboard the Border Guard vessel says, in Russian: “Perform precautionary fire! Perform precautionary fire! Avoid hit! Avoid hit! Fire!”

At that point, we see the AK-630 six-barrel 30mm Gatling gun on the bow of the Border Guard vessel opening fire with several bursts, although at this point the British destroyer is seen on the horizon. Interestingly, in the BBC News report, it’s confirmed that shots were fired by the Russian side, “but they were well out of range.”

After the shots, HMS Defender confirms that it will continue to follow its internationally recognized route into international waters. This suggests that the warship continued its planned passage and the available maritime tracking data doesn’t show it making any obvious changes in course.

The available tracks are also consistent with official British accounts that the destroyer was sailing around 12 miles off the coast of Crimea. While Russia considered this to be “a flagrant violation of international norms and standards,” in the words of Sergei Tsekov, a Russian senator from the Crimea region, for the British, this amounted to “a routine transit [in] an internationally recognized traffic separation corridor,” according to the U.K. Minister of Defense Ben Wallace.

Furthermore, since, as already noted, the United Kingdom does not recognize Russia’s claims over Crimea, the waters in question are considered Ukrainian from the British government’s perspective.

A Crimea-based Russian Navy Be-12 Mail amphibian flies over HMS Defender. (Image: BBC News screencap)

All in all, the video shows that Russia did at least go through the motions of taking some aggressive action, but doesn’t provide conclusive evidence that this was sufficient to actually force HMS Defender out of waters that it claims as its own.

While it’s clear that some kind of warning shots were fired, it’s also plausible that the British may not have realized what these were, and instead connected them to training exercises that were already happening in the vicinity. At least, the British would have been aware of the threat of warning shots, but their response may have been intended to deliberately provoke the Russians.

“We believe the Russians were undertaking a gunnery exercise in the Black Sea and provided the maritime community with prior warning of their activity,” the U.K. Ministry of Defense tweeted yesterday. “No shots were directed at HMS Defender and we do not recognize the claim that bombs were dropped in her path.”

Those bombs were, according to Russian accounts, dropped across the path of the destroyer by a Su-24M Fencer combat jet, to provide an additional warning to the British warship. So far, we have seen no evidence of the bombs actually being dropped, although video from a BBC News report yesterday does at least show a Su-24M in the vicinity seemingly carrying high-explosive bombs. The BBC also reported that the crew of the Defender was aware of the presence of at least 20 Russian military aircraft flying the area over the course of the incident.

A Russian Navy Su-24M buzzes HMS Defender, apparently carrying unguided bombs under its wings and below the fuselage. (Image: BBC News screencap)

An OFAB-500 freefall bomb, as reportedly used by a Russian Su-24M as a warning to the destroyer. (Image: Rosoboronexport)

All in all, it seems that this latest footage released by Russia is intended to bolster its account of what happened yesterday, which is based around its military and security forces taking strong action to ward off HMS Defender from what it deemed a territorial violation. Since the incident yesterday, Russian news outlet Kommersant has also published a map showing areas around Crimea that were reportedly temporarily closed for military drills, one of which HMS Defender apparently passed through.

While the British side has not mentioned these apparent restrictions, or whether it was aware of them, it was seemingly entirely deliberate in choosing this particular route for its warship and would have known that it would trigger a response of some kind from Russia. For the British, however, the importance of this incident was in demonstrating its right to innocent passage using a route through internationally recognized waters, while signaling its resolve to its partner Ukraine.

With the largest-ever Sea Breeze exercise due to start next Monday, there is every indication that tensions around Crimea and in the wider Black Sea region will only increase in the coming days, as 32 warships, plus dozens of aircraft, enter this region to commence U.S. Navy-led drills under the watchful eyes of the Russians.

As for the warning shots yesterday, while their effectiveness must be considered debatable at best, the fact that such belligerent actions are now being taken confirms the very differing views that Russia and NATO have when it comes to the movements of naval vessels and aircraft in the Black Sea region.

Source: Russian Video Proves Patrol Boat Was Far From British Destroyer When It Fired Warning Shots